just a minor label change to prior commit
[openemr.git] / controllers / C_PatientFinder.class.php
bloba48022b3894fcde33ffd225d535a1ab18298260e
1 <?php
4 class C_PatientFinder extends Controller {
6 var $template_mod;
7 var $_db;
9 function __construct($template_mod = "general") {
10 parent::__construct();
11 $this->_db = $GLOBALS['adodb']['db'];
12 $this->template_mod = $template_mod;
13 $this->assign("FORM_ACTION", $GLOBALS['webroot']."/controller.php?" . $_SERVER['QUERY_STRING']);
14 ///////////////////////////////////
15 //// What should this be?????
16 //////////////////////////////////
17 $this->assign("CURRENT_ACTION", $GLOBALS['webroot']."/controller.php?" . "practice_settings&patient_finder&");
18 /////////////////////////////////
19 $this->assign("STYLE", $GLOBALS['style']);
23 function default_action($form_id='',$form_name='',$pid='') {
24 return $this->find_action($form_id,$form_name,$pid);
27 /**
28 * Function that will display a patient finder widged, allowing
29 * the user to input search parameters to find a patient id.
31 function find_action($form_id, $form_name,$pid) {
32 $isPid = false;
33 //fix any magic quotes meddling
35 $form_id = strip_escape_custom($form_id);
36 $form_name = strip_escape_custom($form_name);
37 $pid = strip_escape_custom($pid);
39 //prevent javascript injection, whitespace and semi-colons are the worry
40 $form_id = preg_replace("/[^A-Za-z0-9\[\]\_\']/iS","",urldecode($form_id));
41 $form_name = preg_replace("/[^A-Za-z0-9\[\]\_\']/iS","",urldecode($form_name));
42 $this->assign('form_id', $form_id);
43 $this->assign('form_name', $form_name);
44 if(!empty($pid))
45 $isPid = true;
46 $this->assign('hidden_ispid', $isPid);
48 return $this->fetch($GLOBALS['template_dir'] . "patient_finder/" . $this->template_mod . "_find.html");
51 /**
52 * Function that will take a search string, parse it out and return all patients from the db matching.
53 * @param string $search_string - String from html form giving us our search parameters
55 function find_action_process() {
57 if ($_POST['process'] != "true")
58 return;
60 $isPub = false;
61 $search_string = $_POST['searchstring'];
62 if(!empty($_POST['pid']))
64 $isPub = !$_POST['pid'];
66 //get the db connection and pass it to the helper functions
67 $sql = "SELECT CONCAT(lname, ' ', fname, ' ', mname) as name, DOB, pubpid, pid FROM patient_data";
68 //parse search_string to determine what type of search we have
69 $pos = strpos($search_string, ',');
71 // get result set into array and pass to array
72 $result_array = array();
74 if($pos === false) {
75 //no comma just last name
76 $result_array = $this->search_by_lName($sql, $search_string);
78 else if($pos === 0){
79 //first name only
80 $result_array = $this->search_by_fName($sql, $search_string);
82 else {
83 //last and first at least
84 $result_array = $this->search_by_FullName($sql,$search_string);
86 $this->assign('search_string',$search_string);
87 $this->assign('result_set', $result_array);
88 $this->assign('ispub', $isPub);
89 // we're done
90 $_POST['process'] = "";
93 /**
94 * Function that returns an array containing the
95 * Results of a LastName search
96 * @-param string $sql base sql query
97 * @-param string $search_string parsed for last name
99 function search_by_lName($sql, $search_string) {
100 $lName = add_escape_custom($search_string);
101 $sql .= " WHERE lname LIKE '$lName%' ORDER BY lname, fname";
102 //print "SQL is $sql \n";
103 $result_array = $this->_db->GetAll($sql);
104 //print_r($result_array);
105 return $result_array;
109 * Function that returns an array containing the
110 * Results of a FirstName search
111 * @param string $sql base sql query
112 * @param string $search_string parsed for first name
114 function search_by_fName($sql, $search_string) {
115 $name_array = explode(",", $search_string);
116 $fName = add_escape_custom( trim($name_array[1]) );
117 $sql .= " WHERE fname LIKE '$fName%' ORDER BY lname, fname";
118 $result_array = $this->_db->GetAll($sql);
119 return $result_array;
123 * Function that returns an array containing the
124 * Results of a Full Name search
125 * @param string $sql base sql query
126 * @param string $search_string parsed for first, last and middle name
128 function search_by_FullName($sql, $search_string) {
129 $name_array = explode(",", $search_string);
130 $lName = add_escape_custom($name_array[0]);
131 $fName = add_escape_custom( trim($name_array[1]) );
132 $sql .= " WHERE fname LIKE '%$fName%' AND lname LIKE '$lName%' ORDER BY lname, fname";
133 //print "SQL is $sql \n";
134 $result_array = $this->_db->GetAll($sql);
135 return $result_array;